Date: Tue, 5 May 2009 17:20:22 +0200 From: Nico Golde <oss-security+ml@...lde.de> To: oss-security@...ts.openwall.com Cc: coley@...re.org Subject: Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg) Hi, * Nico Golde <oss-security+ml@...lde.de> [2009-05-05 17:18]: > can I get a CVE id for http://bugs.debian.org/526678 > > The xvfb-run script used in Debian insecurely passes the X > magic cookie via the commandline so it's an easy thing to > grab it with system access. YFYI, our maintainer just told me that he thinks this is included since Fedora 10 in Fedora as well... Cheers Nico -- Nico Golde - http://www.ngolde.de - nion@...ber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ